Baby's First Forensics
by sealldev
Original Writeup on seall.dev
We are given a .pcap, which I open in Wireshark and get to work. I see HTTP traffic, so I start by filtering by http and following the HTTP stream.
In the User-Agent header of the HTTP stream we can see this: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:getinfo)
Flag: DUCTF{Nikto_2.1.6}
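The same check done in code, as an added example that is not part of the original writeup: it pulls every User-Agent out of a followed HTTP stream and splits Nikto's agent string into version, evasion setting and test ID, so scanner requests can be counted apart from ordinary clients. Only the first User-Agent below is from the capture; the hosts, paths, second test ID and browser agent are constructed.

```python
import re
from collections import Counter

# Constructed sample input: request headers as seen when following an HTTP
# stream. Only the first User-Agent value comes from the writeup; the rest
# (hosts, paths, test ID, browser UA) are made up for illustration.
SAMPLE_STREAM = (
    b"GET / HTTP/1.1\r\nHost: 192.0.2.10\r\n"
    b"User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:getinfo)\r\n\r\n"
    b"GET /index.html HTTP/1.1\r\nHost: 192.0.2.10\r\n"
    b"user-agent: Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0\r\n\r\n"
    b"GET /cgi-bin/test HTTP/1.1\r\nHost: 192.0.2.10\r\n"
    b"User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000123)\r\n\r\n"
    b"GET /robots.txt HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n"
)

NIKTO_UA = re.compile(
    r"\(Nikto/(?P<version>[\d.]+)\)\s*"
    r"\(Evasions:(?P<evasions>[^)]*)\)\s*"
    r"\(Test:(?P<test>[^)]*)\)"
)

def user_agents(stream: bytes) -> list[str]:
    """Return the User-Agent value of every request head in the stream."""
    agents = []
    for head in stream.split(b"\r\n\r\n"):
        for line in head.split(b"\r\n")[1:]:  # skip the request line
            name, sep, value = line.partition(b":")
            if sep and name.strip().lower() == b"user-agent":
                agents.append(value.strip().decode("latin-1"))
    return agents

def parse_nikto(ua: str):
    """Split a Nikto-style User-Agent into its fields, or return None."""
    m = NIKTO_UA.search(ua)
    return m.groupdict() if m else None

def scanner_summary(stream: bytes) -> Counter:
    """Count requests per Nikto version; other agents are counted as 'other'."""
    counts = Counter()
    for ua in user_agents(stream):
        hit = parse_nikto(ua)
        counts[f"Nikto_{hit['version']}" if hit else "other"] += 1
    return counts

if __name__ == "__main__":
    for ua in user_agents(SAMPLE_STREAM):
        print(parse_nikto(ua) or "not Nikto:", ua)
    print(dict(scanner_summary(SAMPLE_STREAM)))
```

Requests with no User-Agent header, like the last one in the sample, are skipped rather than counted.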